The latest report from healthcare cybersecurity firm Trustwave finds Britain to be the third most targeted country in the world by ransomware.
A combination of highly sensitive patient data, legacy systems, increasing reliance on telehealth services and more connected devices means that healthcare is a prime target for cyberattacks.
The latest threat report from cybersecurity and managed security services provider Trustwave, which looks at the state of the healthcare sector, describes the UK as the third most targeted country by ransomware, behind the US in first place and India and Canada jointly in second.
“Healthcare artificial intelligence and technology adoption presents a spectrum of risks that few other industries need to navigate,” said Kory Daniels, chief information security officer at Trustwave. “The risk is not just incredibly sensitive data privacy, but human life and quality of patient care. It’s not hard to see how compromised medical equipment like a ventilator or pump could lead to a wrong dose or missed patient alert that results in death. Complex supply chains, lapses in patches and credential management all have consequences too serious for anyone in the healthcare industry to ignore.”
Outdated practices
The report found that more than one in five (21%) ransomware attacks focused on public health and government healthcare targets.
“Many healthcare organisations are still grappling with outdated security practices, inadequate authentication measures, and insufficient staff training,” the report says.
More to the point, there is no mention of protecting the healthcare system from cyber threats in the government’s recent Build an NHS Fit for the Future report on the future of the NHS.
To combat this threat, the Trustwave report says that healthcare organisations should implement multi-factor authentication and zero-trust models, and introduce regular cybersecurity audits to enhance security.
Because cybercriminals increasingly target third-party vendors and suppliers, healthcare organisations must strengthen their security frameworks to protect data shared with external partners.
It also makes the point that a robust cybersecurity strategy should include endpoint protection; measures and strategies to protect Internet of Medical Things (IoMT) devices from cyberattacks and vulnerabilities; staff training; dark web monitoring; and a well-defined incident response and recovery plan.